Merge pull request #76613 from DCChadwick/ocdocs9673b

osdocs9673: creating sigstore modules

Author: skopacz1

_topic_maps/_topic_map.yml

@@ -2625,6 +2625,8 @@ Topics:
     File: nodes-sno-worker-nodes
 - Name: Node metrics dashboard
   File: nodes-dashboard-using
+- Name: Manage secure signatures with sigstore
+  File: nodes-sigstore-using
 ---
 Name: Windows Container Support for OpenShift
 Dir: windows_containers

modules/nodes-sigstore-using-about.adoc

@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-sigstore-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-sigstore-using-about_{context}"]
+= About the sigstore project
+
+The sigstore project enables developers to sign-off on what they build and administrators to verify signatures and monitor workflows at scale. With the sigstore project, signatures can be stored in the same registry as the build images. A second server is not needed. The identity piece of a signature is tied to the OpenID Connect (OIDC) identity through the Fulcio certificate authority, which simplifies the signature process by allowing key-less signing. Additionally, sigstore includes Rekor, which records signature metadata to an immutable, tamper-resistant ledger.

nodes/nodes-sigstore-using.adoc

@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nodes-sigstore-using"]
+= Manage secure signatures with sigstore
+include::_attributes/common-attributes.adoc[]
+:context: nodes-sigstore-using
+
+toc::[]
+
+You can use the sigstore project with {product-title} to improve supply chain security.
+
+// The following include statements pull in the module files that comprise
+// the assembly. Include any combination of concept, procedure, or reference
+// modules required to cover the user story. You can also include other
+// assemblies.
+
+// AManage secure signatures with SigStore
+include::modules/nodes-sigstore-using-about.adoc[leveloffset=+1]